If you are using Kubernetes 1.6.x you need to define RBAC rules for the controller to access the default-http-backend service and other required components.
I0531 02:36:29.882636 7 launch.go:101] &{NGINX 0.9.0-beta.7 git-c1b8a32 https://github.com/kubernetes/ingress}
I0531 02:36:29.882660 7 launch.go:104] Watching for ingress class: nginx
I0531 02:36:29.882815 7 launch.go:257] Creating API server client for https://10.254.0.1:443
F0531 02:36:29.914513 7 launch.go:118] no service with name kube-system/default-http-backend found: User "system:serviceaccount:kube-system:default" cannot get services in the namespace "kube-system". (get services default-http-backend)
Solution:
apiVersion: v1
kind: Namespace
metadata:
  name: nginx-ingress
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: nginx-ingress
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: nginx-ingress
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
      - create
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: nginx-ingress
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: nginx-ingress
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: nginx-ingress
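Added example (not from the original page or the ingress project): a small Python model of how the ClusterRole and ClusterRoleBinding above are evaluated, run against the two denied requests quoted in the logs on this page. The rule list is transcribed from the manifest; `can_i` and `cluster_wide_verbs` are hypothetical helper names, and the matcher is a simplification that ignores resourceNames and the namespaced Role.

```python
# Added example: a simplified RBAC check, not the Kubernetes authorizer itself.
# Rules transcribed from nginx-ingress-clusterrole on this page.
CLUSTER_ROLE_RULES = [
    {"apiGroups": [""], "verbs": ["list", "watch"],
     "resources": ["configmaps", "endpoints", "nodes", "pods", "secrets"]},
    {"apiGroups": [""], "verbs": ["get", "list", "watch"], "resources": ["services"]},
    {"apiGroups": ["extensions"], "verbs": ["get", "list", "watch"], "resources": ["ingresses"]},
    {"apiGroups": [""], "verbs": ["create", "patch"], "resources": ["events"]},
    {"apiGroups": ["extensions"], "verbs": ["update"], "resources": ["ingresses/status"]},
]
INGRESS_SA = "system:serviceaccount:nginx-ingress:nginx-ingress-serviceaccount"
DEFAULT_SA = "system:serviceaccount:kube-system:default"  # identity seen in both logs
# Subjects of nginx-ingress-clusterrole-nisa-binding, in API-server user-name form.
BOUND_SUBJECTS = {INGRESS_SA}


def _matches(allowed, value):
    # Simplification: only the bare "*" wildcard is handled.
    return "*" in allowed or value in allowed


def can_i(user, verb, api_group, resource):
    """Deny by default; allow only if the user is bound and some rule matches."""
    if user not in BOUND_SUBJECTS:
        return False
    return any(
        _matches(r["verbs"], verb)
        and _matches(r["apiGroups"], api_group)
        and _matches(r["resources"], resource)
        for r in CLUSTER_ROLE_RULES
    )


def cluster_wide_verbs(resource, api_group=""):
    """Verbs the ClusterRole grants on a resource in every namespace."""
    verbs = set()
    for r in CLUSTER_ROLE_RULES:
        if _matches(r["apiGroups"], api_group) and _matches(r["resources"], resource):
            verbs.update(r["verbs"])
    return sorted(verbs)


if __name__ == "__main__":
    for user in (DEFAULT_SA, INGRESS_SA):
        print(user, "get services:", can_i(user, "get", "", "services"),
              "| list pods:", can_i(user, "list", "", "pods"))
    print("cluster-wide verbs on secrets:", cluster_wide_verbs("secrets"))
```

The grants apply only to nginx-ingress-serviceaccount, so the controller pod has to set serviceAccountName to that account; a pod left on system:serviceaccount:kube-system:default is still refused. The ClusterRole also allows list and watch on secrets in every namespace, which is worth reviewing against what the controller actually needs.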
The same problem:
2017-06-15 03:05:29 +0000 [info]: adding match pattern="**" type="elasticsearch"
2017-06-15 03:05:29 +0000 [error]: config error file="/fluentd/etc/fluent.conf" error="Exception encountered fetching metadata from Kubernetes API endpoint: 403 Forbidden (User \"system:serviceaccount:kube-system:default\" cannot list pods at the cluster scope.)"
2017-06-15 03:05:29 +0000 [info]: process finished code=256
2017-06-15 03:05:29 +0000 [warn]: process died within 1 second. exit.
Solution: